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REMA1IKSI/4RGUMENTS 

This supplemental amendment is submitted in response to the Office Action 
mailed August 24, 2007 for making additional clarifying amendments to the claims and 
for setting forth additional reasons as to why AppUcants rejected claims should be 
deemed patentable over the cited references. Further, the amendment should place the 
application in condition for reconsideration and allowance. Claims 15-18 and 20-34 are 
active in the ^plication 

By this amendment, claim 15 has been amended for the puipose of pointing out with 
greater particularity, the subject matter of the present invention and for clarifying certain 
antecedents used in the claim. For example, amended cUim 15 recites that the isolation 
ensures that operations performed bv t he input/output module and encryption 
module can be earned out in parallel in accordance with the teachings of the present 
invention. It will be noted that diis language was both presented and considered 
previously in connection with earUer Office Actions. Applicants submit that the 
15 language is consistent with the teachings ofthe present invention. For example, in the 
illustrated embodiment ofthe present invention, the isolation means is described as being 
implemented by a dual port memory. Clearly, such a memory allows operations to be 
carried out in parallel as necessary such as when two devices access the memory at the 
same time. Accordingly, AppUcants submit that the amendments made to claim 15 
should not be deemed to raise new issues or necessitate a new search. If it is deemed 
desirable. Applicants are willing to amend the ^licable portions ofthe specification to 
make this description clearer consistent with the translation ofthe priority document. 
Also, Claim 29 was amended to clarify antecedents used in the claim and remove 
repetitive recitations included in the claim. Also, claims 18, 20 and 28 were amended to 
25 point out with greater particularity, the features of the CMOS memory. Other claims 
were amended for the puipose of providing proper antecedent basis for the elements 
recited therein. With these amendments, the claims should now be in proper form for 
allowance. For the reasons stated above, the amendments should not be deemed to raise 
new issues or necessitate a new search. 
30 Applicants traverse the Examiner's rejection of claims 15-17 and 29-32 under 35 

U.S.C. 103(a) as being unpatentable over US patent 4,604,683 to Russ et al in view of US 



20 
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patent 6,021,201 to Bakhle et al. The Office Action states that Russ et al discloses an 
encryption circuit for simultaneously processing various encryption algorithms as set 
forth in claim 15. Applicants respectfully disagree for the following leasons. 
Claim 15 

5 According to the background of the invention section of the Russ et al patent, the 

invention is directed to an improved communications control unit useful for front end 
protocol processing of data communicated between a host processor and a 
communications network. Further, according to the Russ et al patent, it discloses 
architecture for avoiding microprocessor bus contention in favor of RAM contention for 
10 enhancing aggregate system perforaiance. The Russ architecture is characterized by a 
central multiport random access memory (RAM) and microprocessor whose data transfer 
bus can be conceptually considered as segmented into multiple buses each connected to a 
different RAM port. Performance advantages in Russ are obtained in using multiple 
independent buses capable of perforaiing operations concurrently and by shifting the 
1 5 traditional throughput limitations from microprocessor bus contention to RAM 
contention. According to Russ, RAM arbitration and RAM cycles are typically much 
faster than microprocessor bus atbitration and bus cycles. 

The Russ et al patent further states that in accordance with an important aspect of 
the invention, the four bus segments can function independently of one another, thus 
20 allowing bus cycles on one bus to occur independently of cycles on any other bus. 
Additionally, Russ states that the RAM (i.e. memory array and related memory control 
logi<^) includes means for isolating the bus segments so that bus cvcles occur 
independently of memory arrav cycles. That is, each bus segment can generate bus 
cycles and when these cycles do not require resources attached to other bus segments, the 
25 cvcles can proceed indenendentlv of each other and also independently of the RAM > A 
further aspect of the Russ invention is that the RAM includes arbitration logic to establish 
priority between the bus segments competing for control of the RAM memory bus. Also, 
a stated significant feature of the Russ preferred embodiment is that microprocessor 
controlled bus interface circuits are provided to selectively coimect or discoimect from 
30 one anoth er, depending on the type of activity currently being executed. 
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From the above, it is seen that Russ teaches a front-end processor architecture for 
a host computer system. By contrast, claim 15 is directed to the architecture of an 
encryption circuit which can be used with a host computer system. The only connection 
to an interface other than that of the host processor is a serial link used for inputting basic 
5 keys through a secure path independent of the normal functional path (host computer bus) 
as defined in claims 30 and 31. Therefore, the elements 50, 51, 52, 54 and 56 cited in the 
Office Action which corresponds to a microprocessor and its resources connected to a 
CBus all form part of the front-end processor architecture and not an encryption circuit 
which is adapted to be coupled to a host computer system as recited in claim 15, 

10 The control registers 56 of Russ cited as connecting the C Bus/microprocessor to 

the UNIBUS of the host computer via a dedicated bus are described as including a 
Unibus control and status register 204 and a Unibus vector register 206. These registers 
provide an interrupt c^ability that enables the host processor to intenupt the 
microprocessor via a multifunction peripheral (MFP) 54 for allowing the fix>nt-end 

15 processor to transfer a block of data from the Unibus memory to the multiport RAM. 
The actual data transfer requires the use of direct memory access controller (DMAC) 60 
which is also required to be used for the transfer of data from the multiport RAM to the 
encryption unit located on the D Bus. 

Thus, Applicants submit that Russ can not be said to provide an input/output 

20 module that couples to a host computer via a dedicated bus as defined in claim 15. By 
contrast, Russ discloses a microprocessor responsive to an interrupt caused by the host 
for enabling the front end processor (UPB) to transfer a block of data from the host 
UNIBUS memory to RAM via DMAC 60 and the DBUS port (see column 11, lines 32- 
54), 

25 Furthermore, in distinguishing the description in Russ from the teachings of the 

present invention as defined in claim 15, the multiple bus arrangement and use of a single 
DMAC and a shared DBUS in Russ completely precludes any parallelism of the 
operations being performed by an input/output module (i.e» data exchanges between the 
module and the host computer system) and an encryption module (performing encryption 

30 and decryption operations) as defined in claim 15 because in Russ the same bus, the 
DBUS, is utilized for these two operations so they cannot proceed in parallel. Russ 
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illustrates this by tbe following examples of operations: The microprocessor unit 
connected to the CBUS can fetch an instruction from a read only memory also connected 
to the CBUS (operations confined to C Bus resources) while the DMA controller coupled 
to the DBUS is writing a word into a data encryption device also coupled to the DBUS* 
5 Concurrently, a second DMA controller coupled to the PBUS can write a word into the 
central RAM while a UNIBUS slave cycle takes place on the UBUS, Further, column 
12, lines 62-65 state that in accordance with the preferred embodiment, only a single 
direct access controller is connected to each bus segment and thus, there is very little bus 
arbitration overhead or contention for the bus. 

10 The Office Action cites the description discussed above in column 11, lines 37-62 

relative to the data exchanges between the host (connected to the Unibus and U Bus) and 
encryption unit (D-Bus) as meeting the recitation in claim 15 of: the input/output module 
handles data exchanges between the host system and the encryption circuit . Apphcants 
submit that this recitation is not met by the cited description for the following reasons. 

15 The cited description describes the host as initiating/causing a block transfer operation to 
take place by generating an interrupt and storing block transfer parameters in a set of 
software communications registers. It is only after the block has been transferred ar^ 
there additional operations that may be performed which are application dependent. Such 
operations may involve processing by specific UPB peripheral components such as 

20 ^pending a checksum or encrypting the block of data is need are performed which are 
application dependent- These operations are performed by writing the block from RAM 
into either the checksum generator or the data encryption processor. Thus, in Russ, there 
are no data exchanges which generally occur between the microprocessor and the 
encryption processor Rus$ shows a block transfer occurring between the host and RAM 

25 which is initiated by a host interrupt Such transfer takes place under the control of 
DMAC 60 which then performs a read of the Unibus via the U bus and then a write to 
RAM via the D bus port. 

As described in the cited material, if the block written to RAM needs to be 
encrypted, both the data encryption processor (DEP) 306 and the DMAC 60 will be 

30 initialized. The block will be read from memory in eight byte segments written into the 
DEP which will encrypt each segment and inform the DMAC when it is ready. Another 
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channel will then read the segment from the DEP and write it back to RAM. Tliis 
operation will be repeated for each segment through the entire block. From this, it seems 
clear that the various data exchanges between the RAM and DEP are haiidled by the 
DMAC 60 and not the microprocessor as stated in the Office Action. Moreover, these 
5 exchanges m Russ are required to proceed serially through the RAM which allocates 
memory cycles on a priority basis. Applicants submit that this arrangement teaches away 
from the arrangement defined in claim 15 in which the encryption circuit of the present 
invention ensures that such operations can proceed in parallel. 

The OfiSce Action cites colimin 9^ lines 25-60 as disclosing an encryption module 
10 which provides for the storage of all sensitive information of the encryption circuit. 
Applicants find the cited description to disclose a data encrypt and checksum processor 
62 which is fiirther described as including a data encrypt processor DEP 306 and a 
checksum generator 307. Appendix B lists an AmZ8068 Data Ciphering Processor 
described in the MOS Microprocessor and Peripherals Data Book Advanced Micro 
15 Devices. This is an integrated circuit chip that can be used to perform encryption or 
decryption. It is understood that to do both, two such chips would be required. The chip 
is used to provide a hardware implementation of the well-known DBS algorithm. Since 
the cited circuit is a chip, there is no indication how such chips would be configured to 
carry out encryption and decryption operations and the management of sensitive data, 
20 Therefore, one would have to speculate what components are contained in the chip and 
how they would be configured to perform the operations specified in claim 15. 

The Office Action cites column 2, lines 35-43 as disclosing a RAM configured for 
isolation means operatively connected between the input/output module and the 
encryption module, the isolation means configured to make sensitive information 
25 inaccessible to the host computer. In cited material contained in the summary of 
invention section of the Russ patent, the RAM is defined as including a memory array 
and control logic. Column 5, lines 43-59 of the Russ patent describe the arrangement of 
transceiver gates 80, 82, 84 and 86 for terminating each data bus segment and that the 
transceiver gates fimction to isolate the bus segments from the RAM array so that the bus 
30 cvcle timin g can be independent of the mcmorv cvcle timing of the RAM array. 
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By contrast and as discussed above, claim 15 defines isolation means connected 
between the input/output module and encryption module, the isolation means being 
configured to make the sensitive information stored in the encryption module 
inaccessible to the host computer system and ensures that the operations of the 
5 input/output module and encryption module can proceed in paraUeL Clearly, this 
arrangement defined in claim 15 is not shown or suggested by the teachings of the Russ 
patent. As discussed above, the Russ patent teaches away from such parallelism. Also, 
as noted in the Office Action, as discussed herein, Russ does not disclose the storage of 
sensitive information, let alone making it inaccessible to a host system as defined in 

10 claim 15. Accordingly, in view of the above. Applicants submit that claim 15 as 
amended distinguishes patentably over the teachings of Russ. 

As noted, the Office Action aclaiowJedges that Russ is silent about sensitive 
information stored in the encryption module. As discussed above, since the chip provides 
a hardware implementation of the DES algorithm, there may be no need to incorporate 

15 sensitive information in such chip which is a consideration that involves management of 
sensitive informatioiL Since Russ is primarily concerned with providing a front end 
processor, the handling of sensitive information relative to performing an encryption 
operation need not be addressed. In fact, it could be said that Russ teaches away from 
providing storage of sensitive information. As stated in the previously cited material in 

20 column 12 of the Russ, a block is encrypted only if it needs to be encrypted otherwise; 
the data encryption processor DEP 306 is not initialized. Thus, encryption is merely one 
of a number of options which further indicates that there is no need suggested to address 
the handling of sensitive information by the front end processor of Russ. Further, since 
the host system initiates a block transfer operation via an interrupt and supplies required 

25 parameters, it is logical to assume that the host would also supply encryption parameters 
for carrying, out the encryption either prior to or when the block needs to be encrypted. 
By contrast, claim 15 is directed to an encryption circuit which is designed to carry out 
encryption operations for a host processor and not to a front end processor which may 
perform encryption. Further, there is suggestion that the host may provide the encryption 

30 parameters and therefore attempting to isolate its opemtion from the encryption processor 
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would be contrary to its teachings. This is an additional rea$on as to why claim 15 
distinguishes patentably over the teachings of Russ. 

The Office Action further cites the Bakhle patent as disclosing an input/output 
module, a dual port memory for perforrauag parallel processing of different cryptographic 
5 operations and an encryption circuit which comprises a key storage unit for storing 
sensitive information as defined by Applicants claim 15. Apphcants respectfully 
disagree. Applicants find Bakhle to disclose a cryptographic device 140 which includes a 
management processor (microprocessor) 142 responsible for providing data to device 140 
via a system bus 145 using a direct memory access unit 144 to stream data into the device 
10 from a memory subsystem also connected to the system bus in common with processor 
and I/O $ubsystems. The device 140 contains a cipher unit 150 and hash unit 140 in 
addition to a security unit 250. The security unit 250 insures that the cipher unit 150 and 
the hash unit 154 operate on the same set of data Tsamc data blocks and that no new data 
is presented to the units until both units have completed the processing on the current 
15 block of data. The device 140 also includes a buffer unit 188 which includes a pair of 
buffers implemented with a triple ported register RAM capable of supporting two read 
ports and one write port. 

As seen from the above, the parallelism provided in the Bakhle patent is relative 
to the processing of a single block wherein a cipher unit and a hash unit can operate on 
20 the same block for providing encryption and decryption services and for generating a 
hash value corresponding to the message. To do this, the cipher unit operates on a block 
of data having a first predetermined size and the hash unit operates on a data block 
having a second predetermined size. Thus, the operations while providing parallelism 
relative to processing a single block of data are unable to proceed independently of each 
25 other in that they are so limited by the security enhancement unit. In essence, the two 
units of Bakhle can be viewed as collectively performing a single encryption operation. 
As stated in the patent, the invention provides a single pass system (collective operations 
on each block of data at a time) in contrast to the prior art system of having a cipher unit 
process the message first and pass the message to a hash unit to perform the hash 
30 computation on the message. This differs fit)m the teachings of the present invention 
relative to simultaneously processing various encryption algorithms as defined in claim 
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IS As a« additional comm«it. one xnay view the hashing operation ofBaJchle is not truly 
axa encryption operation iI^ that hashir^g is a transformation that takes an input and r^toms^ 
a fi^ed-size string which is called the hash valne. It is normally a part or an encryption 
operation that amhenticates a message or vaUdates the encryption / decryption process. 
5 hnt is not In itself actually an encryption operation. BakMe does not suggest any fiirtber 
parallelism of encryption processing- 
Further, it will ho noted that the operations of the cryptographic device require 
access to a stream of data from memory which is also illustrated in the system disclosed 
in Figure 7 of the patent. These different modea of operation and requirements, teach 
lO away from any attempt to modify or adapt the encryption circuit of Russ to provide 
storage in an encryption circuit as taught by Bakhle. Xhat is. BaKhle contemplates the 
availability of a message source (a data stream) and therefore, for example, connects 
directly to the system bus in Figure 1 or directly to a source in Figure T. By contrast. 
Russ provides for the connection of an encryption unit to memory via a low priority 
15 RAM port. Tberefore. Applicants submit that to attempt to combine the teachings of the 
two patents a* proposed in the Office Action could give rise to unpredictable results or 

lead to inopembility. „ . . , 

As concerns the storage of sensitive data, the RAM storage unit 164 of Bakhle is 
described as storing a plurality of keys with each key corresponding to a particular 
20 variation of the DBS algorithm. The DBS algorithm is a public algorithm that employs a 
single secret key for encryption and decryption and is a symmetric algorithm meaning 
that both the sender and r^ver must know the secret key. The parties transmitting and 
receiving messages agree on the particular key to be used for communication. The 
present in^vention also provides support for encryption algorithms which are asymmetric 
25 and thus dependent on the secrecy of multiple private keys which can be stored for long 
periods within the isolated storage of the encryption unit. Keeping these keys secret from 
ttie host system provides a security and an operational advantage- Thus. Applicants 
submit that one could conclude that the storage provided in Bakhle does not contain the 
same sensitive information stored in the encryption module which is made inaccessible to 
30 the host computer system as specified in claim 15. It should be noted that it is the 
selection of the particular key to be used as agreed to by the parties that provides the 
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r«,uir«l seouonr W that this key »el«.rio« i« made via a manaB»o.ent processor .»ue<l 
«,^™a i.. B«Whl=. U «l=o l^p....^m .o note that <)c«« ..ot d,«»«. 

.^^sement or k«y>. m tcrm9 of proviai..g ,«-.i.Hty or proxecQon -a-i.-rt accoas. But. 
tQther BakWe do«s discuw me9««e amhex..i..»t.io., of mossageB ««ix.ii ais^t-» «Bnatur«!. 
^ Wh™ security Is d!«.„»=d to B^o. It i« rvl..l«-. to ,«.t,rity t«ut i50 >~lxlcl. ix^crcaaoa 
,»,= acouraoy of the -ys.«n mamtaixung th« mon,icity of data blocU» »^ dxs<:..».«l 
^« Ky i«™rtos that the cipl,«- axtd h«h tmite op«™te o« .l,c ™ set of d«a h«J 'hal 
„o ^.w <tata i« prcsemed to -THt« .mtil bo* h^vc «»...^1C«1 th<> p«>c«»iua o-' 

cwt».l dat» Woclc. B«KMe does o„. .1c«ribo lotteer terox of private Key* or th= 

1 o loaxUna «f » >'•«= key oo*^" ««y«.r»t«l trom the ho« syKieo. 

U,,p«rt-iitly. it IB seen tb«. R^lcHle docs not proviU^ for p-r^Ileiiam between 
.he transfer of W.>olc» of data o«<l eocrypdo. opcr««ion« for the r«,s- .n» dtsc^ssed atoo^e. 
A^oordJ-Bly, fo. all of t>,o ^ove reason-, oUim 15 »bould be d=«o.a patentable over tl»e 
Ci^posed coo.bir...ion of the Ru^ »a Bakb.e pronto. A notK-e ,„ tbt. cffcot .s 
15 respect ftiUy EolvciicJ. 

pntontaWy over «.T«bmcd refereneeH i.. pro^^dins 
™e««» which coo.p.i« a dual port mextxory. Fie-= 1 of the IU«s pate.,t =«ed ^ 
th. Omce Actloo di<=olose» . .v.„l.n>oxt K/V>^ whleh i» ta greater detail ... 

20 ^ « Figure the RAl^ 2« includes 3rbiLr>.Uo^ ard oont«,l exrctms ^2 and a 

Plurality of .«e...ory ports 22. Tl« „..,l.iport KAI^ 20 Is w-pc..ir.c^.ly designed to allocate 
xxxemory -.ce^s - a priority ba^ls. ^^..<.r^B to the tea=hix.B. of thia is necessary 

for shi«inB .l.e traditioxxal throt^ghpot li.r,i.ed operations fh,..x mioroproeessor bu. 
contention to RAlvl ,.,nt=nUon. -Therefor., ™ch an an:a««emeol is toxahlo ta^iay^e 
2S nn-r---- r— i..t>u . ^ o , .tn,.. ,n^^^.1>^ -.tirt ,ucr yp t1or. n i i>.1.>l= bo o atTied 
^^.l^as d.r...«3 «=.aitn 15 upon whi.* ie depends Also .ho iaoluUon .n 

K.,,,. i, p^vided by a bus interface module 30 of Fig..^ which include. » 
Lr„»se.nvcr gates 1^0. 142. .nd , 44 as Stated in .in.« 1 0-15 of column 7. Tlus .~>dulc 
tli^n, iiot frrrm part of raultipork memory 20- 
30 In V.ew Of the forefioina. AppHeants submit that .ho ^.T^bimttion of ref™cs 

olted in O.^ Ofneo AcUon does «h„w or suggest a,, arrangement defined by 
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dependent claim 16 directed to a dual port memory which operatively comiects between 
the input/output module and the encryption module, is configured to make sensitive 
inforaiation stored in the encryption module inaccessible to the host computer system and 
ensures that the operations performed by the input/output module and encryption module 
5 can be carried out in parallel. Accordingly, claim 16 should be deemed patentable and a 
notice to this effect is respectfully solicited. 
Claim 17 

For the reasons given above relative to claim 16, claim 17 should also be deemed 
patentable over the proposed combination of references cited in the OfiBce Action. 

10 Column 2, lines 35-43 of Russ cited in the Office Action discuss that the four bus 
segments can function independently of one another, thus allowing bus cycles on one bus 
to occur independently of cycles on any other bus. As stated in column 4 of Russ, when 
these buses do not require resources attached to other bus segments, the cycles can 
proceed independently. Therefore, when resources on the bus segments need to access 

15 the multiport memory 20 at the same time, there can not be independent bus cycles or 
cycles which are independent of the cycles of RAM 20 as taught by Russ (see column 4, 
lines 10-16). Further, as discussed above, the multiport RAM 20 arbitrates requests for 
memory cycles on a priority basis. Therefore, the mixltitport RAM 20 is unable to 
simultaneously handle exchanges of data, commands and status between the i nput/output 

20 and encrvntion modules as defined in claim 17. 

The Office Action also cites column 9, lines 45-61 of Bakhle which describe the 
components of the secxnity unit 250 as including an IN BUFFER which is a FIFO buffer 
implemented as a triple ported register RAM that supports two read ports and one write 
port The security unit 230 controls buffer addressing which enables simultaneous 

25 addressing of odd and even banks of the IN BUFFER which can be read as a combination 
(64 bits) or individually (32 bits). This allows the cipher unit 150 to process 64 bits of 
data and the hash unit 154 to process 32 bits of data. As previously discussed, the 
security unit 250 ensures that the cipher unit 150 and hash unit 154 operate on the same 
set of data and that no new data is presented to both units until they both have completed 

30 processing on the current data block (see colmnn 9, lines 14-19). Accordingly, it is seen 
that the security unit 250 is unable to provide simultaneous exchange of data, commands 
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and status between the input/output and encryption modules or isolation of these modules 
as defined in claim 17. Accordingly, for these reasons, claim 17 should be deemed 
patentable over the cited teachings of Bakhle. 

5 Claim 29 

This claim should be deemed patentable for the same reasons set forth relative to claim 
15. Claim 29 defines that the input/output module comprises an input/output processor 
aud PCI interface integrating DMA channels responsible for executing data transfers 
between the host computer system and the encryption circuit and that the input/output 
10 module memory comprises a flash memory containing the code of the input/output 
processor and a PCI interface integrating DMA channels and a static RAM that receives a 
copy of the contents of the flash memory upon startup of the input/output processor. This 
arrangement is not found in the portions of the Russ and Bakhle patents cited in Office 
Action. 

15 More specifically, column 3, lines 59-65 of Russ describes the interface circuits 

30, 32, and 34 of the front end processor which are used to establish connections between 
bus segments whenever the microprocessor 50 references a device not on the CBUS (see 
column 8, lines 11-14 and Figure 2). The cited lines 59-62 of column 4 describe the 
multifunction peripheral (MFP) device 54 as being used to generate tuning signals and 

20 interrupts for devices without vector capability. Column 9, lines 1-7 describe the 
function of the system configuration register 200 as controUing the generation and 
detection of RAM parity, bus timeouts, and other status information. It describes 
LED/SW register 202 as a means of providing operator input/output, the UNIBUS 
control and stams register UCSR 204 (a communications register) as controlling 

25 interaction with the UNIBUS principally DMA and interrupt capability (enables the 
UNIBUS acquisition logic 362) and the UVECT register 206 as containing a 
programmable UNIBUS interrupt vector applied to the UNIBUS when a grant is obtained 
by the UNIBUS acquisition logic 362. 

Applicants submit tiiat these citations neither show nor suggest an encryption 

30 circuit microcontroller that comprises an input/output processor and a PCI interface and a 
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flash memory, let alone integrating DMA channels responsible for executing data 
transfers between the host system and the encryption circuit. 

The Office Action cites portions of the Bakhle patent as disclosing an encryption 
circuit in which a microprocessor comprises and input/output processor and a PCI 
5 interface and a flash memory, integrating DMA channels responsible for executing the 
data transfers between the host system and the circuit. By contrast, the cited material in 
column 4, lines 26-67 describes different subsystems and their components connected in 
common to a system bus 145 which also couples to a cryptographic device 140 which 
may alternatively couple to the systems I/O bus 158 or local bus within the host processor 
10 111 of the system. The material describes the VO subsystem of Figure 1 as including an 
I/O controller 131 acting as an interface between the I/O bus 158 and the system bus 145, 
providing a communication path for transferring information between devices coupled to 
different buses. 

The material in column 5, lines 34-44 of Bakhle cited in the Office Action 
15 describes in greater detail, one of the components of the cryptographic device 140, 
namely the management processor (MP) 142 which connects to the system bus 146. 
According to the cited material, component MP142 shown in Figure 2 is responsible for 
providing data to an integrated hash and cipher unit referred to as a Bulk Cryptographic 
Cluster (BCC) 148 of device 140 which provides cryptographic services to MP142. As 
20 discussed in the cited material, software executing on the MP142 configures a direct 
memory access (DMA) 144 unit to stream data into the BCC 148 s^parently from the 
memory subsystem. 

Fiorn the above description, Applicants submit that the cited system does not 
disclose an encryption circuit which includes a microprocessor let alone a microprocessor 

25 which comprises an input/output processor and a PCI interface and a flash memory and 
DMA channels as defined in claim 29 in contrast to what is stated in the Office Action. 
Here, it is a management processor component of the cryptographic device 140 that 
streams data from memory and not a microprocessor component of an input/output 
module which is responsible for executing transfers between the host system and the 

30 encryption circuit as defined in claim 29. Accordingly, based on these differences, claim 
29 should be deemed patentable over the cited portions of Bakhle. 
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The Office Action again cites column 4, lines 16-27 of Bakhle for disclosure of a 
flash memory containing the code of the input/output processor (i,e. lines 38-42) and an 
SRAM memory that receives a copy of the contents of the flash memory upon startup of 
the mput/output processor (i.e. lines 26-67). The cited material describes that the 
5 memory subsystem 120 may include a memory controller 121 (which connects to the 
host system via the system bus) as controlling access to one or more devices 122 such as 
a DRAM, ROM, VRAM and the like. These memory devices store information for use 
by the host processor 121, 

This arrangement of a computer system memory subsystem in Bakhle is 
10 completely different from that of an input/output module of an encryption circuit defined 
in claim 29. For example, there is no showing or suggestion of a flash memory storing 
code of the input/output processor let alone providing a copy of its contents to a static 
RAM upon startup of the input/output processor as defined in claim 29, In fact, Bakhle 
states to the contrary, the information contents of the memory devices are for use by the 
15 system host processor. Further, Applicants find no reference to instructions in the cited 
material as stated in the Office Action, Accordingly^ for these additional reasons, claim 
29 should be deemed patentable over the cited teachings of Bakhle. A notice to this 
effect is respectfully solicited 
Claims 30-31 

20 The Office Action cites column 12, lines 48 through column 13, line 25 for 

disclosure of a card supporting the encryption circuit as defined in claims 30-31. It will 
be noted that in the illustrated embodiment of Applicants invention, the reference to card 
refers to the architecture of the encryption circuit embodied by a circuit supported by a 
PCI (Peripheral Component Interconnect) card. By contra$t> the cited material in column 

25 12 describes the operation of a data transaction system 330 of Figure 7 which is an 
entirely different embodiment fi-om the system embodiment of Figure L As described in 
Bakhle, the data transaction system 330 has three components: data source 332, cipher 
and hash unit 148 and verification unit 336. As noted in the cited material, the data 
source 332 can be an ATM machine, a POS terminal or any other unit that takes data and 

30 forwards that data to verification unit 336. Further, the material states that the data 
source 332 provides plain text to the data transaction system 330 and is described as 
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including a keyboard, a magnetic reading device for reading a magnetic stripe on a card 
(e.g. ATM card or card) and a communication line (e.g. telephone line). Since any card 
reader that u$ed as a data source 332 is required to provide plain text to the system 330, it 
should be clear that this path is not intended to be secure. Further, the example that the 
5 communication line being used is a telephone Ime provides additional evidence that such 
path is not secure as specified in claims 30-31. 

Thus, Applicants find the cited material absent any disclosure of a dedicated PCI 
bus or a phone line for performing remote encryption operation and transmitting specific 
algorithm or a serial link that allows downloading of proprietary aleorithms/keys into a 

10 first encryption submodule or that the serial link connected to inpnt such keys is 
independent of the dedicated PCI bus as provided in claims 30-31. In fact, the cited 
material states that the data source provides plain text and such transmission would be 
controlled by the data source as is normally done in the described types of terminal 
transaction systems. This is in contrast to having such transmission being controlled by 

15 an encryption module as defined in claims 30-31. Also, since there is no dedicated bus 
used in the embodiment of Figure 7, there is no need to make the telephone 
communications path independent of a dedicated PCI bus as recited in claim 30. 
Accordingly, for the above stated reasons, claims 30-31 should be deemed patentable 
over the cited teachings of Bakhle. 

20 Claim 32 

For the reasons given above regarding claim 31, claim 32 should also be deemed 
patentable over the material cited in column 12, lines 47-65 of Bakhle discussed above. 
Applicants find no teaching in the cited material regarding including a card supporting an 
encryption circuit as defined in claim 32. 

25 

Claims 18 > and 33-34 

Applicants traverse the rejection of claims 18 and 20-28 and 33-34 under 35 USC 
103(a) as being unpatentable over US patent 4,604,683 to Russ et al m view of US patent 
6,021,201 to Bakhle et al as applied to claims 15-17 and further in view of IBM 
30 Technical Disclosure Bulletin, Cryptographic Microcode Loading Controller for Secure 
Function, September 1991, NB910934, Pages 1-5. For the reasons given that claims 15- 
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17 distinguish patentably over the cited teachings of Russ and Bakhle, claims 18, 20-28 
and 33-34 should also be deemed patentable. 
Claims 18 and 2Q 

Accordingly, for the reasons discussed above. Applicants disagree that as per 
5 claims 18 and 20 both cited references disclose the encryption circuit of claims 15-17 as 
stated m the Office Action- Relative to claims 18 and 20, the Office Action cites column 
5, lines 14-67 and Figure 3 of Bakhle as disclosing an input/output module including a 
microcontroller and memory, a first encryption sub-module, dedicated to the processing 
of symmetric encryption algorithms, and being coupled with a first bus of the dual-port 

10 memory; a second encryption sub-module, dedicated to the processing of asymmetric 
encryption algorithms and being coupled with the first bus of the dual-port memory and 
including a separate internal second bus isolated firan the first bus of the dual-port 
memory and including a separate internal second bus isolated fiom the first bus of the 
dual-port memory, performing parallel processing. Applicants find no such arrangement 

15 inBahkle, 

Also, Applicants disagree with the statements made in the Office Action that it 
would be obvious to modify the encryption circuit in Russ to provide first and second 
encryption modules for simultaneously performing various encryption, algorithms as 
taught by Bakhle because one of ordinary skill in the art would be motivated to modify 

20 the encryption circuit of because of the suggestions in Bakhle of providing a 
cryptographic device capable of performing cryptographic operations in different formats 
while one type of operation is being performed another type can be performed 
concurrently or in parallel, for instance one cipher processor can operate on data having a 
first size whereas another processor can operate on a second block size. The Office 

25 Action cites column 5, lines 14-67, Figure 3 and column 1, lines 32-45 of Bakhle in 
support of these statements. 

Column 5, lines 14-67 and Figure 3 have been discussed relative to the rejection 
of claim 15, It should be noted that lines 21-22 of colunm 5 state that the BCC 148 
perfomis ciphering operations in parallel with hashing operations on a block of data. 

30 Bakhle also states that the ciphering and hashing operations occur concurrently or in 
parallel and are atomic ( i.e. until both activities are complete^ no reload of data is 
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permitted). From this, it is seen that Bakhle does not treat the operations being 
performed on a block of data a$ distinct independent different types of encryption 
operations. As stated in lines 44-49 of column 5, Bakhle describes the encryption 
software executing on the MP 142 as creating a digital signature using the hash value and 
5 appends it to the message. Also, lines 66-67 through column 6, line 3 describe the hash 
unit as including an input for receiving plain text and an output for providing a digital 
signature based on the plain text and that it does not operate on encrypted text . This 
description also treats the operations of the hash unit as being distinct from the encryption 
operations performed by the cipher unit. 

10 Therefore in view of the above. Applicants submit that Bakhle does not teach an 

encryption module that comprises a first encryption sub-module, dedicated to the 
processing of symmetric encryption algorithms and a second encryption sub-module 
dedicated to the processing of asymmetric encryption algorithms as recited in claims 18 
and 20. Also, Applicants find the cited material of Bakhle absent first and second 

1 5 encryption sub-modules being coupled to the first bus of the dual-port memory as defined 
in claims 18 and 20. Further, Applicants fmd the cited material of Bahkle absent a 
separate internal second bus isolated fi-om the first bus of the dual-port memory as recited 
in the rejected claims. It should be noted that as defined by claims 18 and 20, the dual 
port memory is operatively connected between the input/output module and the 

20 encryption module. Therefore, the dual-port memory does not form part of the 
encryption module which would be the case in Bakhle if one were to equate the BCC 
input buffer components as including such elements. That is, as discussed in column 9 of 
Bakhle, the buffer unit included in the BCC 148 of Figure 3 cited in the Office Action, 
has an input buffer 190 and an output buffer 196, each of which is implemented by a tri- 

25 ported register RAM circuit. As seen fix3m Figure 3, there is no first bus or internal 
second bus or connections to a dual port memory as specified in claims 18 and 20. 

As to the motivation to combine the teachings of Bakhle and Russ as described in 
the OfGce Action, Applicants point out that Russ utilizes an encryption processor DEP 
306 and a checksum generator 307 whose result is appended to a data block when 

30 needed. Thus, the checksum generator 307 can be likened to the hash unit whose result is 
qjpended to a message. As shown in Figure 6, both of the units 306 and 307 connect to 
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the DBUS which in ftim connects both units to port 2 of the multiport RAM 20. As 
previously discussed, Russ teaches that when a checksum needg to be appended, a block 
from the RAM 20 will be written into the checksum generator 307. Also, when the block 
needs to be encrypted^ the block will be read from RAM 20 in eight byte segments and 
5 written into FDEP 306 (see column 11, line 63 to column 12, line 11). Thus, Russ 
employs a mode of operation wherein either encryption processor DEP 306 or checksum 
generator 307 will receive blocks from port 2 of RAM 20. Since the same port is 
required to be used by both units, encryption and checksum generation can not be 
performed in parallel. This is apparently not necessary since these operations are only 

10 performed as needed. In view of the foregoing, even if one could modify Russ to 
incorporate the encryption and hash unit of Bakhle as proposed in the Office Action, 
there would be no advantages to do so in the system of Ru$s since such operations are 
performed only as needed and the cipher and hash units therefore must operate 
completely independently of each other- Further, the Bahlde cipher and hash units 

15 parallelism would not be possible since these units require simultaneous access to a block 
of data at a time while in the system of Russ, these units do not have parallel access to a 
block of data. Thus, unless there is a complete reconstruction and redesign of the Russ 
system^ the Bakhle imits could not be incorporated therein. Applicants submit that such 
obstacles to such reconstruction or redesign would dissuade a sIciHed artisan from being 

20 motivated to modify Russ in the manner proposed in the Office Action. Further, such 
reconstruction could only be accomplished by resorting to Applicants teachings which 
involves the hindsight reconstruction of the encryption circuit defined in claims 18 and 
20. 

It is noted that the material in lines 40^5 of column 1 cited in the Office Action 
25 pertains to ciphering algorithms and hash algorithms which characteristically operate on 
data having different block sizes. The Bakhle invention recognizes this fact and uses it to 
provide a storage unit having a size Q which is an integer multiple of M and N to 
accommodate the cipher unit which operates on a block of data having a first 
predetermined size M and the hash unit which operates on a data block having i second 
30 predetermined size N. Thus, Bakhle is seen not to teach providing a cryptographic device 
capable of performing cryptographic operations in different formats as stated in the 
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Office Action. In view of all of the foregoing, Applicants submit that claims 18 and 20 
should be deemed patentable over the cited teaching and proposed combination of Russ 
and Bakhle. 

The Office Action states that Russ doe$ not explicitly disclose a CMOS memory 
5 which is coupled to the dual-port memory 4 via the first bu$ of the dual port memory, 
containing the encryption keys, for example^ which is well known in the art. In support 
of this conclusion^ the Office Action cites the invention disclosed in Dvke as 
implementing these elements in a security device. Applicants submit that the rejection of 
claims 18 and 20 in the Office Action is stated to be based on the teachings of three 

10 references: Russ, Bakhle and the cited IBM Disclosure Bulletin. To now cite the 
invention disclosed in another reference. Dyke, i$ inconsistent with the present stated 
rejection. Moreover, Applicants submit that the inclusion of D>1ce makes the rejection 
improper. A further problem is that an earlier rejection dated August 2, 2007 states 
relative to the rejection of claims 18-20 that Dyke does not explicitly disclose a CMOS 

15 memory which is coupled with the dual port memory containing the encryption keys. 
Lastly, in regard to this rejection is that the Office Action states that it would have been 
obvious to one of ordinary skill in the art of computer security to modify the circuit of as 
combined above to provide a CMOS memory coupled with the dual port memory via the 
first bus of the dual port memory containing the encryption keys as taught in the IBM 

20 Technical Disclosure Bulletin. Obvioxisly, some words have been omitted firom the 
rejection rendering the rejection incomplete. That is, it is not known what circuit is being 
cited and what elements are being combined to render claims 18 and 20 obvious. 
Accordingly, Applicants request clarification of the grounds for the present rejection of 
claims 18 and 20. This same request also applies to claim 28 since the Office Action also 

25 cites the Dyke patent in the rejection of this claim. 

Before disci^ssing the cited material to the extent that the rqection is understood. 
Applicants point out that claims 18 and 20 have been amended to point out with greater 
particularity the aspects of the present invention related to the use of a CMOS memory* 
As amended, claims 18 and 20 now define that the CMOS memory is accessible during 

30 execution of encryption algorithms by the first and second encryption sub-modules and 
that the CMOS memory is connected to be reset upon detection of an alarm condition for 
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protecting the encryption keys from unauthorized access and use consistent with the 
teachings contained in Apphcants specification. Also, the claims have been amended to 
even better clarify that the CMOS memory contains the encryption keys in view of the 
OfSce Action reference in the rejection that the dual-port memoiy containing the 
5 encryption keys. 

The OfGce Action references the IBM Disclosure Bulletin as supporting well 
known art by disclosing a single chip microcontroller comprising a flash memory, a data 
RAM memory and a CMOS memory. Applicants find the IBM Disclosure Bulletin to 
disclose a solution for protecting the loadable microcode of a microcontroller which 

10 involves the encrypting the microcode for transportation and storage and decrypting the 
microcode only within the confines of the microcontroller itself The solution is 
implemented in Figure 1 wherein the microcode ROM is split into two segments (both 
ROM and RAM or EEPROM) and a new storage element (key storage) is defined. The 
smaller ROM which is common to all devices, would have bootstrap and decryption 

15 microcode and be used for initializing and "IPLing" (Initial Program Loading which is 
the process of copying an operating system into memory when a system is booted) the 
microcontroller. This would load the encrypted microcode into a microcode RAM or 
EEPROM, decrypt it and begin execution. To allow the decryption of the microcode by 
the microcontroller, the decryption key would be kept in the key storage element. The 

20 cited Disclosure Bulletin suggests additional security measures for protection of the 
microcode and key storage after having been loaded. Such measures relate to the type of 
chip fabrication/coating methods and the use of a CMOS RAM with battery backup. 
However, it should be noted that the IBM Disclosure Bulletin specifically states that the 
subject of key distribution and management is quite complicated and has not been dealt 

25 with by the disclosure. 

In view of the above. Applicants find the IBM Disclosure Bulletin to be directed 
to the protection of encrypted microcode a nd not to encryption of data as defined in 
claims 18 and 20, Fxirther, there is only a disclosure of a microcontroller that performs 
decryption of encrypted microcode and of security measures which involves the use of 

30 CMOS memory for storing a decryption key. By contrast, claims 18 and 20 provide a 
CMOS memory which is accessible during execution of encryption algorithms by the 
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first and second encryption sub-modules and that the CMOS memory is connected to be 
reset upon detection of an alann condition for protecting the encryption keys firom 
unauthorized access and use. Clearly, this arrangement is neither shown nor suggested 
by the IBM Disclosure Bulletin. The requirement for battery backup would not be 
5 relevant in the case of the present invention which provides a different approach. In view 
of the foregoing. Applicants submit that claims 18 and 20 should be deemed patentable 
over the cited references. A notice to this effect is respectfiiUy solicited. 
Claim 21 

Before discussing the rejection of claim 21, it will be noted that claim 21 has been 

10 amended to clarify that the two encryption processors couple to the first bus of the of the 
dua^port memory so as to be consistent with the remainder of the claim. Relative to the 
rejection. Applicants submit that claim 21 should be deemed patentable for the same 
reasons as set forth for claim 18. The Office Action in support of such rejection cites the 
same material in colmnn 5, lines 14-67 as cited in the rejection of claim 18. Additionally, 

15 the Office Action cites Figures 3-6 with description and table 2, column 8, column 13, 
lines 10 et seq. relative to the disclosure of a control unit that comprises a security unit 
that controls input and output and uses buses separate from the dual port bus and meets 
the recitation of and a bus isolator for isolating the second bus from the first bus of the 
dual port memory. Applicants find the cited material to describe the BCC 148, its 

20 security imit 250 shoAvn in Figure 6^ an encryption mode operation depicted in Figure 4 
and a decryption mode of operation depicted in Figure 5. As to the Office Action 
statement phrase '*meets the recitation of and a bus isolator", Applicants find such phrase 
incomplete in that it does not identify completely the recitation in claim 21 that is met. It 
is possible that the"and" is intended to be omitted from the phrase. Accordingly, based 

25 on this interpretation of the rejection. Applicants find cited table 2 to provide the 
definition of signals internal to the cryptographic device 140 of Figure 2, the cited 
column 8 to describe the processing steps of the flow chart of Figure 5 in carrying out a 
decryption operation and column 13, lines et seq, to describe the flow chart of Figure 8 
illustmting the operations of how a control device accesses the BCC 148 of device 140, 

30 Applicants find the cited descriptions absent a disclosure of a bus isolator which 

operates as defined in claim 21. The security unit 250 is described in Bakhle as 
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controlling the sequencing of the hash and cipher data paths through the proper datasets 
as well as generating a DONE signal to indicate to the DMA that BCC 148 is finished 
with the current data block and is ready to accept the next data block as described in 
column 6. The interface signals employed by the control device (e»g* MP 142) to 
5 interface with the BCC 148 are shown in Table 1. As seen jfirora the table, the interface 
signals include a bidirectional data bus (external bus) which is used to provide the data 
signals ID(33) via the control unit 160 to the IN BUFFER 190 and receive the data 
signals OD(32) from the OUT BUFFER 196 via control unit 160. From this, it seen from 
the cited descriptions that they disclose a single external bus associated with the control 

10 unit 160 and an absence of isolation circuits since BCC 14S includes separate in and out 
buffer circuits 190 and 196 which make isolation unnecessary. Also, Applicants find the 
cited descriptions absent and encryption component and at least two encryption 
processors, the encryption component coupled to the first bus of a dual port memory and 
the two encryption processors being coupled to the first bus via the second internal bus of 

1 5 the second sub-module wherein a bus isolator isolates the second bus from the first bus of 
the dual port memory as defined in amended claim 21. 

Further, Applicants find the cited descriptions absent of any disclosure of an 
encryption component dedicated to the processing of symmetric encryption algorithms 
and at least two encryption processors dedicated to the processing of asymmetric 

20 encryption algorithms. As discussed above, Bakhle teaches use of a single encryption 
(cipher) processor and a hash unit which performs a distinctly different type of operation. 
Applicants find no suggestion in the cited end of column 5 that the encryption processor 
and hash imit can be implemented with specific dedicated hardware components known 
in the art for the processing of asymmetric and symmetric algorithms as stated in the 

25 Office Action* In fact, the description at the end of column 5 states that reference may be 
made to a 1996 publication for disclosure of the specific algorithms used to determine the 
functionality of both the cipher unit and the hash unit. Such description can not be 
properly interpreted to mean that the functions of such units are to be changed as stated in 
the Office Action. 

30 The cited description also states relative to the use of specific dedicated hardware 

components for encryption and decryption that one skilled in the art knows that the cipher 
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umt 1 50 can be implemented using such ccanponents or as a softyvare routine. As to the 
hash unit 154, the cited description states that the hash unit 154 can implemented with 
dedicated hardware components or as a software routine. In other words, the cited 
material simply states that these units in Bakhle can be implemented in hardware or in 
5 software as will be understood by one skilled in the art. The cited description goes on to 
note that the hash unit includes an input for receiving plain text and an output for 
providing a generated digital signature in addition to not operating on ciphertext 
(encrypted text). This description ftuther evidences intent not to change the fimctionality 
of such units, hi view of all of the foregoing. Applicants submit that claim 21 should be 
10 deemed patentable over the cited description? of Bakhle. A notice to this effect is 
respectfully so hcited. 
Claims 22-23 and 25 

Relative to the rejection of claims 22-23 and 25, Apphcants submit that such 
claims should be deemed patentable for the same reasons as set forth for claim 18. The 

15 Office Action in support of such rejection cites the same material m column 5, lines 14- 
67 as cited in the rejection of claim 18. Applicants submit for the reasons given above 
relative to claim 21, the cited description in column 5, lines 50-67 does not show or 
suggest the use of different algorithms let alone the CIP and ACE configurations for 
encryption processors and the SCE configuration for the encryption componeni as 

20 defined in claims 22-23 and 25. As to having both processors CEP configured being a 
matter of design choice, the cited description of Bakhle in column 5 suggest the contrary. 
It indicates the selection of the DES encryption algorithm and MDS/SHA hashing 
algorithms. Clearly, this provides fiirther evidence as to the choice of algorithms by 
Bakhle which is in contrast to the configuration algorithms defined in claims 22-23 and 

25 25. hi view of the foregoing, Apphcants submit that claims 22-23 and 25 should be 
deemed patentable over the cited descriptions in Bakhle. A notice to this effect is 
respectfiiUy solicited, 
Clahns 24 and 26 

Relative to the rejection of claims 24 and 26, Applicants submit that such claims 
30 should be deemed patentable for the same reasons as set forth for claim 18. The Office 
Action acknowledges that Bakhle does not explicitly disclose that one of the processors 
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and the encryption component comprises a FPGA* The Office Action cites column 9, 
lines 55 et seq. relative to the disclosure of input output buffer arrays and cites the end of 
column 5 discussed above for disclosure that the cipher and hash units can be 
implemented with specific dedicated hardware components known in the art for 
5 processing of asynometric and symmetric algorithms. For the reasons given with respect 
to claims 21, 22-23 and 25, claims 24 and 26 should be deemed patentable over the cited 
Bakhle. It should be noted that relative to the input and output buffers, Bakhle in 
columns 9 and 11 that the input buffer 190 is a FIFO buffer implemented as a triple 
ported register RAM that is capable of supporting two read ports and one write port and 

10 that the output buffer 196 is a triple ported register RAM capable of supporting two read 
ports and one write port. Clearly, this description shows that Bakhle teaches the use of 
different hardware components in contrast to those defined in claims 24 and 26. Further, 
it should be noted that the storage function provided by the input and output buffers of 
Bakhle are in contrast to the encryption functions provided by a field programmable gate 

15 array defined in claims 24 and 26. These differences in construction and in fimction 
would dissuade one skilled in the art 6com attempting to implement such encryption 
functions with the cited components of Bakhle* In view of the foregoing, Applicants 
submit that claims 24 and 26 should be deemed patentable. A notice to this effect is 
solicited. 

20 Claim 27 

This claim defines the second sub-module as comprising a flash memory PROM 
and an SRAM memory coupled to the second internal bus of the sub-module. Applicants 
find this arrangement absent from the description contained in page 2 and Figure 1 of the 
IBM Disclosure Bulletin cited in the Office Action, As discussed relative to claims 18 
25 and 20^ the Bulletin discloses a solution for protecting the loadable microcode of a 
microcontroller which involves the encrypting the microcode for transportation and 
storage and decrypting the microcode only within the confines of the microcontroller 
itself. 

As discussed above, the solution is implemented in Figure 1 of the Bulletin 
30 wherein the microcode ROM is split into two segments (both ROM and RAM or, 
EEPROM) and a new storage element (key storage) is defined. The smaller ROM which 
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is common to all devices, would have bootstrap and decryption microcode and be used 
for initializing and "iPLing" (Initial Program Loading which is the process of copying an 
operating system into memory when a system is booted) the microcontroller. This would 
load the encrypted microcode into a microcode RAM or EEPROM, decrypt it and begin 
5 execution. To allow the decryption of the microcode by the microcontroller, the 
decryption key would be kept in the key storage element. From the foregoing, it is seen 
that cited memory components are not used to perform encryption, let alone encryption 
involving data exchanges as defined in claim 27 and the claims from which claim 27 
depends (i.e. claim 15). As to the selection of components being a matter of design 
choice. Applicants point out that the cited BuUeHn suggests the contrary by making a 
choice of using ROM and RAM which could be CMOS RAM or EEPROM rather than 
the flash memory PROM and an SRAM memory for the second encryption sub-module 
coupled to the second internal bus of the sub-module as specified in claim 27. In view of 
the foregoing. Applicants submit that claim 27 should be deemed patentable. A notice to 
15 this effect is respectfully, solicited. 
Claim 28 

Before discussing the rejection. Applicants point out that claim 28 has been 
amended to more particularly define the aspects of the claimed invention. Relative to the 
rejection of claim 18, Applicants submit that claim 28 should be deemed patentable for 
the same reasons as set forth for claim 18. Also, for the reasons given regarding the 
rejection of claims 18 and 20 relative to the citation of Dyke, Applicants find the basis of 
the rejection of claim 28 improper and request clarification. Applicants find the cited 
material absent a disclosure of an encryption circuit comprising a CMOS memory 
containing security keys and security mechanisms that trigger a reset mechanism of the 
25 CMOS memory in case of an alarm as defined in claim 28. As to the cited IBM 
Disclosure Bulletin, as discussed above, the CMOS memory is suggested for use 
implementing the key store and the microcode store because of its sensitivity to Ught and 
static charge which would make probing or examination difficult. Further, the cited 
Bulletin suggests that such RAMs could be backed up with a battery when the system 
was unpowered. Thus, the Bulletin contemplates that these RAMs maintain their 
contents intact and not be resettable as set forth in claim 28. 



20 



30 
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As concerns the citation of the Dyke patent, notwithstanding a request for further 
Qlarification as to the grounds of rejection, Applicants have reviewed the cited material in 
column 8, lines 25-32 and 63-67. The descriptions in lines 25-32 and 63-67 pertain to 
operations that occur in response to instructions issued by a ROM initialization routine 

5 which provide a software reset command to the DES chip, to clear different flags and 
thereafter when the host processor has information to be encrypted or decrypted, the 
encryption mode or decryption mode is selected for the DES chip foUowed by the 
issuance of a load DES master key command for loading the DES master key register 
with data from the dual port RAM (DPR), From this, it is seen that Dyke provides the 

10 capability of issuing a software reset of the DES chip in contrast to resetting a CMOS 
memory containing security keys and security mechanisms that trigger a reset mechanism 
of the CMOS memory in the case of an alarm as recited in claim 28. further, in Dyke, 
the cited DES reset operation occurs foUowing the start of the operation of the encryption 
board in response to a ROM initialization routine which can be likened to a power on or 

15 startup sequence. By contrast, the reset mechanism of claim 28 is not triggered during 
normal operation but rather in the case of an alarm causing the contents of the CMOS 
memory to be destroyed thereby protecting its contents from use or access. This clearly 
is oi>posite to ttie cited teachings of the Dyke patent. 

In view of the foregoing. Applicants submit that claim 28 should be deemed patentable. 
20 A notice to this effect is respectfiilly solicited. 
Claims 33-34 

Applicants submit that claims 33-34 directed to the encryption circuit further 
including a supporting card, should be deemed patentable for the reasons set forth relative 
to the rejection of claims 30-32. As previously stated. Applicants find the description 

25 contained in column 12, lines 47-65 absent any disclosure of a card supporting the 
encryption circuit. Applicants submit that the fact that the data transaction system of 
Figure 7 may use a magnetic reading device for reading a magnetic stripe on a card does 
not suggest that such card supports an encryption circuit. In fact, if one could broadly 
interpret such language to suggest support, it would be that the card would be viewed as 

30 providing support to the magnetic reading device. For these reasons, Applicants submit 
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that claims 33-34 should be deemed patentable. A notice to this efifect is respectfully 
solicited. 

In view of the above arguments and clarifying amendments. Applicants submit 
that claims 15-18 and 20- 34 should be deemed patentable over the cited prior art. A 
5 notice to this effect is respectfully sohcited- Applicants ask the Examiner to contact 
Applicants attorney to discuss the grounds for rejecting Applicants claims before acting 
on this amendment. Also, if any questions or issues should arise with respect to this 
amendment or the allowability of this application, the Examiner is urged to call 
Applicants* representative at the number indicated herein* Further, if the Examiner feels 
10 that a discussion will further advance the prosecution of this application, the Examiner is 
also urged to call as suggested herein. 



Respectfully submitted^ 




Russell W. Guenthner, Ph.D. 
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